Path: news.easynews.com!newsfeed1.easynews.com!easynews.com!easynews!news-out.cwix.com!newsfeed.cwix.com!bloom-beacon.mit.edu!panix!not-for-mail
From: sweh@spuddy.mew.co.uk (Stephen Harris)
Newsgroups: comp.databases.oracle.server
Subject: Re: Verifying passwords have been changed in oracle
Date: Mon, 11 Nov 2002 14:31:52 -0500
Organization: *NOT* Spud's Public Usenet Domain
Lines: 17
Message-ID: <8j0pqa.dje.ln@spuddy.org>
References: <8modqa.6et.ln@spuddy.org> <3dca7941.52781155@ausnews.austin.ibm.com> <m6neqa.8tu.ln@spuddy.org> <3dcbd187.55502918@ausnews.austin.ibm.com> <s94hqa.s81.ln@spuddy.org> <B9F1D05E.217A%markbtownsend@attbi.com> <9s3mqa.o5c.ln@spuddy.org> <3DCFFE33.FCF974C9@exesolutions.com>
NNTP-Posting-Host: absinthe.tinho.net
X-Trace: reader1.panix.com 1037043117 713 166.84.5.228 (11 Nov 2002 19:31:57 GMT)
X-Complaints-To: abuse@panix.com
NNTP-Posting-Date: Mon, 11 Nov 2002 19:31:57 +0000 (UTC)
Xref: newsfeed1.easynews.com comp.databases.oracle.server:166572
X-Received-Date: Mon, 11 Nov 2002 12:31:41 MST (news.easynews.com)

Daniel Morgan <dmorgan@exesolutions.com> wrote:
> Security is best instituted before you start using a database, not after the fact.
> But you can still accomplish the goal by expiring all passwords and forcing them
> to be reset.

Yes, we _should_ be doing this security stuff when the database is built.
Our procedures require it.  I need to verify that it has been done; that
the production DBAs didn't make a mistake or accidentally miss a step.

This is auditing; ie confirmation that stuff has been done properly.  I'm not
enforcing or changing things.

-- 
                                 Stephen Harris
                              sweh@spuddy.mew.co.uk
      The truth is the truth, and opinion just opinion.  But what is what?
       My employer pays to ignore my opinions; you get to do it for free.